Musina  Local  Municipality 
RISK  MANAGEMENT 


POLICY 

1.  Introduction 

The  management  of  risk  is  the  process  by  which  the  Accounting  Officer,  Chief 
Financial  Officer  and  the  other  senior  management  of  Musina  Local  Municipality 
will  pro-actively,  purposefully  and  regularly,  but  at  least  annually,  identify  and 
define  current  as  well  as  emerging  business,  financial  and  operational  risks  and 
identify  appropriate,  business  and  cost  effective  methods  of  managing  these  risks 
within  Musina  Local  Municipality,  as  well  as  the  risk  to  the  stakeholders. 

2.  Purpose  and  scope 

This  Policy  addresses  key  elements  of  the  risk  management  framework  to  be 
implemented  and  maintained  by  Musina  Local  Municipality,  which  will  allow  for  the 
management  of  risks  within  defined  risk/return  parameters,  risk  appetite  and 
tolerances  as  well  as  risk  management  standards.  As  such,  it  provides  a 
framework  for  the  effective  identification,  evaluation,  management,  measurement 
and  reporting  of  Musina  Local  Municipality's  risks. 

The  risk  management  framework  and  this  Policy  adopt  a  broad  definition  of  risk  as 
follows: 


It  is  the  chance  of  an  event  occurring  that  will  have  an  impact  (threat  or 
opportunity)  upon  the  achievement  of  the  Municipality’s  business 
objectives. 

Risk  is  often  created  by: 

■  Changes  that  takes  place  within  the  Municipality  (i.e.  people,  systems, 
processes,  technology,  legislation  and  regulations); 

■  External  influences  (i.e.  economics,  availability  of  human  resources  and 
damages); 

■  Operations  and  complexity  of  processes; 

■  Volume  of  activities  within  a  Municipality;  and 

■  The  nature  of  the  control  environment. 

By  defining  risk  in  terms  of  an  impact  upon  the  achievement  of  those  business 
objectives,  Musina  Local  Municipality’s  risk  management  framework  should 
recognize  the  need  to  manage  risk  so  that  the  Municipality  is  sustainable  as  well 
as  able  to  timeously  meet  its  obligations  to  its  broader  stakeholders  (i.e.  the 
community,  financiers,  and  service  providers). 


This  concept  of  risk  includes  risk  events  in  all  of  the  following  categories: 

Operational; 

Strategic; 

External; 

Physical;  and 
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Financial. 


The  primary  goals  of  Musina  Local  Municipality’s  Risk  Management  Program  are  to 
support  the  overall  mission  of  the  Municipality  by: 

■  Supporting  balance  sheet  protection. 

■  Supporting  business  continuity. 

■  Supporting  reputation  risk. 

■  Defining  risk  management  roles  and  responsibilities  within  the  Municipality  and 
outlining  procedures  to  mitigate  risks  so  as  to  ensure  a  dynamic  and  demonstratable 
process  in  which  responsibility  rests  with  line  management  with  overall  responsibility 
vested  in  the  Accounting  Officer  and  Chief  Financial  Officer. 

■  Ensuring  pro-active,  consistent,  integrated  and  acceptable  management  of  risk 
throughout  the  Municipality. 

■  Defining  a  reporting  framework  to  ensure  regular  communication  of  pre-define  risk 
management  information  to  Council,  Audit  and  Executive  Committees,  senior 
management  and  officials  engaged  in  risk  management  activities. 

■  Remaining  flexible  to  accommodate  the  changing  risk  profile  and  management  needs 
of  the  Municipality  while  maintaining  control  of  the  overall  risk  position. 

■  Document  the  approved  methodology  for  risk  measurement. 

■  Providing  a  system  or  process  to  accommodate  the  central  accumulation  of  risk  data 
such  as  the  development  and  maintenance  of  a  risk  register,  which  must  form  part  of 
operational  support  and  procedures. 


3.  Objective  of  the  risk  policy 

The  objective  of  the  risk  policy  is  to  ensure  that  a  strategic  plan  is  developed  that 
should  address  the  following: 

■  An  effective  risk  management  architecture; 

■  A  reporting  system  to  facilitate  risk  reporting;  and 

■  An  effective  culture  of  risk  assessment. 

This  plan  should  include  the  process  to  identify  current  as  well  as  emerging  risks 
and  the  related  response  strategy  to  manage  and  mitigate  against  or  minimise 
these  risks.  Risks  must  be  identified  per  business  function  within  Musina  Local 
Municipality  but  also  taking  the  other  activities  into  account  to  ensure  optimal 
management  and  results.  Each  of  these  risks  must  be  assessed  and  the  likelihood 
and  the  frequency  of  the  cause  of  the  risk  occurring  and  the  resulting  impact 
severity  of  the  risk  on  the  functions  and  sustainability  of  Musina  Local  Municipality 
must  be  documented  and  considered  by  the  Accounting  Officer  and  Chief  Financial 
Officer. 

4.  Risk  Management  Framework 

This  Policy  is  the  starting  point  in  the  risk  management  framework  and  must  be 
implemented  to  ensure  that  risk  management  becomes  the  concern  of  line  management 
and  everyone  in  the  Municipality  and  that  risk  management  practices  are  consistent  across 
the  whole  of  Municipality.  The  risk  management  framework  adopted  by  this  Policy  is 
comprised  of  four  key  elements  as  illustrated  below. 


Identification 


all  activities  associated  with  the  Municipality’s 
business,  both  existing  and  new  should  be 
assessed  in  order  to  identify  material  current  as 
well  as  emerging  risks,  which  threaten  the 
achievement  of  objectives  or  may  cause  material 
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Measurement 


Management 


Reporting 


loss  or  damage  or  business  continuity 
implications  for  the  stakeholders  or  reputation 
risks  for  the  Municipality 

the  risks  associated  with  any  new  activities  will  be 
evaluated  in  order  to  determine  the  potential 
exposure  to  the  Municipality 
all  material  existing  risks  will  be  re-evaluated  on 
at  least  an  annual  basis 

all  risks  will  be  evaluated  on  a  quantitative  basis 
and  if  this  is  not  appropriate,  qualitative  factors 
will  be  adopted 

appropriate  risk  management  will  enable  the 
Municipality  to  both  minimise  loss  and  optimise 
opportunities 

the  identification  and  monitoring  of  risk  is  the 
responsibility  of  the  Accounting  Officer  but  the 
Chief  Financial  Officer  and  Heads  of 

Departments  also  accept  joint  responsibility 
the  Accounting  Officer  will  co-ordinate  the  risk 
management  system,  monitoring  of  results  and 
the  reporting  of  risks  to  the  Chief  Financial  Officer 
the  operation  of  risk  mitigation  procedures  is  the 
responsibility  of  the  Accounting  Officer  and  the 
Chief  Financial  Officer  with  support  from  the 
Fleads  of  Departments 

all  new  risks  with  a  potential  financial  exposure 
greater  than  an  agreed  amount  as  set  between 
the  Accounting  Authority,  Accounting  Officer  and 
the  Chief  Financial  Officer  or  with  a  high  or 
greater  qualitative  rating,  and  any  material 
changes  to  the  existing  risk  profile  must  be 
reported  to  the  Accounting  Officer  on  a  regular 
basis 

risks  should  be  reported  using  the  following  key 
categories: 


♦  safety/security 

♦  service 

delivery/operational 

♦  human  resources 

♦  strategic 

♦  environmental 


♦  financial 

♦  reputation 

♦  legal  compliance 

♦  political 

♦  health 


5.  Accountability  for  Risk  Management 

The  detailed  line  accountability  for  risk  management  is  fully  aligned  with  the 
Municipality’s  management  structure.  Accordingly,  the  approvals,  responsibilities 
and  accountabilities  applicable  to  the  identification,  evaluation/analysis,  treatment, 
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and  results  and  reporting  of  the  Municipality’s  risks  are  attributed  to  the  Accounting 
Officer  and  the  Chief  Financial  Officer. 

The  Chief  Financial  Officer  is  responsible  for  ultimate  sign  off  of  all  risk  information 
to  the  Council,  and  review  prior  to  any  sign-off. 


6.  Risk  identification  and  tolerance 

6.1  Risk  identification 

Musina  Local  Municipality  will  consider  and  assess  the  risk  implications  of  all 
actions  it  undertakes  in  relation  to  both  existing  and  proposed  activities,  systems 
and  procedures.  All  risks  identified  will  be  evaluated  and  documented,  together 
with  the  processes  which  mitigate  against/manage  those  risks,  and  who  is 
accountable  for  them.  Risk  identification  is  a  line  management  responsibility. 

6.2  Maximum  risk  exposure  /  risk  tolerance 

Musina  Local  Municipality  will  accept  a  commercial  level  of  risk  such  that  the  long¬ 
term  sustainability  of  the  Municipality  is  reasonably  assured. 

Where  new  risks  arise  which  exceed  the  stipulated  measures  set  by  the 
Accounting  Officer  and  the  Chief  Financial  Officer,  they  will  be: 

•  evaluated  as  stipulated  in  this  policy; 

•  immediately  reported  to  the  Accounting  Officer; 

•  monitored  through  the  risk  management  process;  and 

•  promptly  reported  to  the  Chief  Financial  Officer  together  with  a  management 
strategy  of  the  identified  risk. 

The  proposed  management  strategy  could  fall  into  one  or  more  of  the  following 
categories: 


v  accept  the  risk; 
v  reduce  the  risk 
v  spread  the  risk 
v  transfer  the  risk 
v  avoid  the  risk 
v  monitor  the  risk 


7.  Risk  measurement 

Risk  is  to  be  assessed  by  considering  estimates  of  likelihood,  severity  and 
consequence. 

Risk  analysis  may  be  undertaken  using  both  quantitative  and  qualitative  measures. 
Where  possible  all  risk  exposures  should  be  measured  using  a  quantitative  or 
financial  outcome  and/or  human  resource  implications. 
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This  should  be  calculated  as  illustrated  in  the  following  example: 


Gross  risk 

R100 

cost 

Likelihood 

0.5 

factor 

Annual  gross 

R50 

risk  cost 

Control 

50% 

effectiveness 

Net  annual 

R25 

risk  cost 

maximum  cost  of  a  risk  event  to  the  Municipality 

the  frequency  with  which  the  risk  is  likely  to  be 
realised,  in  this  case,  once  every  two  years] 


the  effect  that  insurance  or  other  control  procedures 
have  in  reducing  either  gross  risk  cost  or  likelihood] 


Where  quantitative  measures  are  not  possible,  risks  will  be  measured  using  the 
following  qualitative  criteria: 


Impact 

Likelihood 

Measure 

Definition 

Measure 

Definition 

Extreme 

Municipality  cannot 
continue 

Frequent 

[once  per  month  plus] 

High 

•  5  or  more 
fatalities 

•  Municipality 
reputation 
significantly 
damaged  for  5 
or  more  years 

Annual 

[once  per  year] 

Medium 

•  1  to  5  fatalities 

•  Municipality 
reputation 
significantly 
damaged  for  1 
to  5  years 

Periodic 

[once  every  two  to  five  years] 

Low 

•  Injury 

•  Minor 
reputation 
damage 

Infrequent 

[once  every  five  years  plus] 

8.  Reporting 

8.1  Frequency  and  format 

All  new  risks  and  changes  to  existing  risks  will  be  captured  into  the  risk 
management  system  in  the  month  they  are  identified. 
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The  Accounting  Officer  will  collect  and  aggregate  the  information  and  will  report  to 
the  Chief  Financial  Officer,  monthly,  regarding  the  risk  profile  of  the  Municipality. 

The  Chief  Financial  Offer  will  report  to  the  Council  on  a  regular  basis,  both  the 
current  risk  profile  of  the  Municipality  and  a  summary  of  any  major  changes  since 
the  last  report. 


8.2  Reporting  categories 

The  categories  of  risk  to  be  reported  to  the  Chief  Financial  Officer  and  the  Council 
are  as  follows: 


♦  safety/security 

♦  service 


♦  financial 

♦  reputation 


delivery/operational 

♦  human  resources 

♦  strategic 

♦  environmental 


♦  legal  compliance 

♦  political 

♦  health 


9.  Management  /  treatment 

Risk  treatment  involves  identifying  the  range  of  options  for  treating  risk,  assessing 
those  options,  preparing  risk  treatment  plans  and  implementing  those  plans  in  the 
most  business  like  as  well  as  cost  effective  manner. 

The  selection  and  implementation  of  appropriate  options  for  dealing  with  risk  is  the 
responsibility  of  the  Senior  Management  of  the  Municipality,  subject  to  the  Chief 
Financial  Officer  ratifying  or  amending  the  strategy  proposed  by  management  as 
required  for  material  risks  that  have  been  reported  to  them. 

Where  current  risk  mitigation  controls  are  deemed  ineffective  and  therefore  warrant 
action,  management  will  prepare  appropriate  control  improvement  and  action 
plans.  Included  in  each  control  plan  will  be  the  allocation  of  accountabilities, 
expected  outcomes  and  action  dates  for  the  implementation  and  measurement  of 
the  control  improvement  plan. 

The  management  of  individual  risks  is  somewhat  subjective,  however  the  following 
guidelines  should  be  followed: 

■  the  annual  cost  of  risk  control  should  not  exceed  the  gross  annual  risk  cost; 

■  Musina  Local  Municipality  does  not  seek  to  eliminate  all  risks  nor  be  a  high  risk 
taker  -  moderate  levels  of  risk  are  acceptable;  and 

■  the  resources  allocated  to  risk  treatment  should  be  given  priority  in  the  areas  of 
safety,  health,  environmental,  customer  service,  operational  and  financial. 
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10.  Monitoring  /  review 


The  Chief  Financial  Officer  will  coordinate  an  annual  review  of  the  effectiveness  of 
this  policy  as  well  as  all  organizational  risks,  uninsured  and  uninsurable  risks 
together  with  the  key  managers  in  the  Municipality.  This  annual  review  will  take 
place  immediately  prior  to  the  development  of  the  annual  business  and  integrated 
development  plans  so  that  it  can  have  due  regard  to  the  current  as  well  as  the 
emerging  risk  profile  of  the  business. 

Internal  Audit  will  monitor  key  controls  identified  in  the  risk  management  system  as 
part  of  the  annual  audit  plan  developed  in  conjunction  with  the  Accounting  Officer 
and  approved  by  the  Audit  Committee. 

The  Municipality  will  review  the  risk  profile  in  developing  their  recommendations  to 
the  Council  regarding  the  Municipality’s  risk  financing  (insurance)  policy  and 
strategy. 

11.  Liabilities  and  Risks  payable  in  foreign  currencies 

The  Municipal  Management  Finance  Act  No  56  of  2003  determines  that  no 
municipality  or  municipal  entity  may  incur  a  liability  or  risk  payable  in  a  foreign 
currency.  This  however  does  not  apply  to  debt  regulated  in  Section  47  of  the 
Municipal  Management  Finance  Act  or  to  the  procurement  of  goods  or  services 
denominated  in  a  foreign  currency,  but  the  Rand  value  of  which  is  determined  at 
the  time  of  the  procurement,  or  where  this  is  not  possible  and  risk  is  low,  at  the 
time  of  payment. 

12.  Internal  Audit  Unit 

Musina  Local  Municipality  must  have  an  internal  audit  unit.  The  internal  audit 
unit  is  responsible  for  the  following: 

>  Preparing  a  risk  based  audit  plan  for  each  financial  year 

>  Preparing  an  internal  audit  program  for  each  financial  year 

>  Advising  the  Municipal  Manager  and  reporting  to  the  audit  committee 
on  the  following: 

□  The  implementation  of  the  audit  plan;  as  well  as  any  matters  on 

□  Internal  audit; 

□  Internal  controls; 

□  Accounting  procedures  and  practices; 

□  Risk  and  risk  management; 

□  Performance  management; 

□  Loss  control; 

□  Compliance  with  the  Municipal  Finance  Management  Act  No  56  of 
2003; and 

□  Any  other  applicable  legislation. 

1 .  Perform  any  other  such  duties  as  may  be  assigned  to  the  unit  by 
the  Municipal  Manager. 
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Musina  Local  Municipality  may  determine  that  it  is  cost  effective  to  outsource  the 
auditing  function.  Musina  Local  Municipality  may  also  require  assistance  to 
develop  its  internal  capacity. 


13.  Audit  Committee 

An  audit  committee,  as  an  independent  advisory  body,  must  be  established. 
The  audit  committee  is  responsible  for  the  following: 

a)  Advising  the  Council,  Municipal  Manager  and  Management  staff  on 
the  following  matters: 

□  Internal  audit; 

□  Internal  financial  controls; 

□  Accounting  policies; 

□  Risk  management; 

□  Adequacy,  reliability  and  accuracy  of  financial  reporting  and 
information; 

□  Performance  management; 

□  Effective  governance; 

□  Compliance  with  the  Municipal  Finance  Management  Act  No  56  of 
2003; 

□  Compliance  with  the  Division  of  Revenue  Act;  and  any  other 
applicable  legislation. 

□  Performance  evaluation; 

□  Any  other  issues  referred  to  it  by  the  municipality. 

b)  Review  the  annual  financial  statements; 

c)  Respond  to  the  Council  on  any  issues  raised  by  the  Auditor  General; 

d)  Carry  out  any  investigations  into  the  financial  affairs  of  the 
municipality  as  the  Council  may  request. 

The  audit  committee  may  have  access  to  the  financial  records  and  any  other 
relevant  information  of  the  municipality. 

The  audit  committee  must  liaise  with  the  internal  auditors  and  the  person 
designated  to  audit  the  financial  statements  of  the  municipality. 

The  audit  committee  must  consist  of  at  least  three  persons  with 
Appropriate  experience,  the  majority  of  whom  may  not  be  in  the  employ 
of  the  municipality. 

The  audit  committee  must  meet  at  least  four  times  a  year. 

The  council  must  appoint  the  members  of  the  audit  committee.  One  of  the 
members  who  is  not  in  the  employ  of  the  municipality  must  be  appointed  as 
the  chairperson  of  the  committee. 

No  councillor  may  be  a  member  of  the  audit  committee. 
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